

Zebulon75
Everything posted by Zebulon75
-
Interpreting a ComboFix + HijackThis report
Zebulon75 replied to a topic by Zebulon75 in Malware analysis and removal
Nope, nothing at all anymore: no slowdowns, no popups, no downloads. Perfect, thanks, thanks, thanks.
-
Interpreting a ComboFix + HijackThis report
Zebulon75 replied to a topic by Zebulon75 in Malware analysis and removal
Hi, here are the reports:

combofix
___________________________________________________________

ComboFix 08-07-22.4 - Delll 2008-07-23 16:44:51.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.513 [GMT 2:00]
Location: C:\Documents and Settings\Delll\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Delll\Bureau\CFScript.txt
* Created a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\WINDOWS\system32\hgtgaqaf.dll
C:\WINDOWS\system32\kpevcpjs.dll
.

((((((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))))))
.

2008-07-22 15:38 . 2008-07-22 15:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 15:38 . 2008-07-22 15:38 <DIR> d-------- C:\Documents and Settings\Delll\Application Data\Malwarebytes
2008-07-22 15:38 . 2008-07-22 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 15:38 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 15:38 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-22 10:13 . 2008-07-22 10:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-22 10:09 . 2008-07-22 10:36 <DIR> d-------- C:\SDFix
2008-07-21 11:23 . 2008-07-22 10:36 <DIR> d-------- C:\HiJack
2008-07-18 12:49 . 2008-07-18 12:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-18 12:49 . 2008-07-21 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 15:46 . 2008-07-17 15:49 <DIR> d-------- C:\WINDOWS\system32\aumsDK01
2008-07-17 15:46 . 2008-07-17 15:46 <DIR> d-------- C:\Temp\zpv201
2008-07-17 15:46 . 2008-07-17 15:46 <DIR> d-------- C:\Temp
2008-07-09 10:31 . 2008-07-09 10:31 581,219 --a------ C:\Documents and Settings\Delll\Application Data\Ctcts_23791-1.bin
2008-06-26 11:39 . 2008-06-26 11:41 <DIR> d-------- C:\Program Files\Opcion Font Viewer
2008-06-26 11:39 . 2008-06-26 11:39 <DIR> d-------- C:\Documents and Settings\Delll\Application Data\Chiu Software Systems
2008-06-26 10:41 . 2008-06-26 10:41 213,073 --a------ C:\Documents and Settings\Delll\Application Data\Ctcts_23039-1.bin
2008-06-26 10:32 . 2008-06-26 10:32 179,804 --a------ C:\Documents and Settings\Delll\Application Data\Ctcts_23036-1.bin

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 15:32 --------- d-----w C:\Documents and Settings\Delll\Application Data\FileZilla
2008-07-21 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-15 10:13 --------- d-----w C:\Documents and Settings\Delll\Application Data\XnView
2008-07-09 08:36 79,187 ----a-w C:\Documents and Settings\Delll\Application Data\Cache-1251.bin
2008-07-09 08:36 11,107 ----a-w C:\Documents and Settings\Delll\Application Data\Global.bin
2008-06-19 13:55 196 ----a-w C:\Documents and Settings\Delll\Application Data\Ctcts_22621-1.bin
2008-06-19 09:42 --------- d-----w C:\Documents and Settings\Delll\Application Data\InfraRecorder
2008-06-19 09:26 --------- d-----w C:\Program Files\InfraRecorder
2008-06-13 08:14 20 ----a-w C:\Documents and Settings\All Users\Application Data\GroupPays.bin
2008-06-13 08:14 15,824 ----a-w C:\Documents and Settings\All Users\Application Data\Pays.bin
2008-06-12 14:54 --------- d-----w C:\Documents and Settings\Delll\Application Data\Winamp
2008-06-12 14:40 --------- d-----w C:\Program Files\XnView
2008-06-12 12:29 --------- d-----w C:\Documents and Settings\Delll\Application Data\Creative
2008-06-12 09:48 --------- d-----w C:\Program Files\Winamp
2008-06-12 09:44 --------- d-----w C:\Program Files\Visicom Media
2008-06-12 08:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-12 08:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-06-12 08:47 --------- d-----w C:\Program Files\QuickTime
2008-06-12 08:29 --------- d-----w C:\Program Files\Bonjour
2008-06-12 08:23 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-06-11 16:22 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-11 16:14 --------- d-----w C:\Program Files\Symantec
2008-06-11 16:14 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-11 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-11 16:13 27,262,976 ----a-w C:\VIRTPART.DAT
2008-06-11 15:31 --------- d-----w C:\Documents and Settings\Delll\Application Data\AdobeUM
2008-06-11 15:04 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-11 14:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 14:24 --------- d-----w C:\Program Files\Snapshot Viewer
2008-06-11 14:23 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-11 14:23 --------- d-----w C:\Documents and Settings\Delll\Application Data\Microsoft Web Folders
2008-06-11 14:19 --------- d-----w C:\Documents and Settings\Delll\Application Data\Symantec
2008-06-11 14:16 --------- d-----w C:\Program Files\Corel
2008-06-11 14:10 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-06-11 14:05 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-06-11 14:03 --------- d-----w C:\Program Files\Roxio
2008-06-11 13:56 --------- d-----w C:\Program Files\Microsoft Works
2008-06-11 13:55 --------- d-----w C:\Program Files\Creative
2008-06-11 13:54 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-06-11 13:54 --------- d-----w C:\Program Files\Dell
2008-06-11 13:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-11 13:51 --------- d-----w C:\Documents and Settings\Delll\Application Data\McAfee.com Personal Firewall
2008-06-11 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
1999-04-06 20:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 10:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 10:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 10:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 10:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 10:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL

.
((((((((((((((((((((((((((((( snapshot@2008-07-21_12.19.20.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-22 08:13:29 5,070,848 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-22 08:13:29 57,344 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-22 08:13:16 5,070,848 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-22 08:13:16 57,344 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2005-10-19 15:39 135168]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:34 1695232]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 18:40 24576 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 10:47 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 08:42 1159168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-01 20:46 98304]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-10-13 20:44 95848]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-10-14 06:02 134856]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [BU]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2005-05-19 09:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HPAiODevice(hp officejet g series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 17:15:00 151552]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 06:05:56 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-04-06 22:27:42 46080]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"=
"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-06-12 21:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 16:45:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 16:46:22
ComboFix-quarantined-files.txt 2008-07-23 14:46:11
ComboFix2.txt 2008-07-23 13:16:08

Pre-Run: 12,191,690,752 bytes free
Post-Run: 12,181,454,848 bytes free

154
___________________________________________________________

Hijackthis
___________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:06, on 23/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SYS
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213200950265
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8863 bytes
___________________________________________________________
-
Interprétation de Rapport Combofix + Hijackthis
Zebulon75 a répondu à un(e) sujet de Zebulon75 dans Analyses et éradication malwares
Ok voici le rapport combofix : ________________________________________________________________ ComboFix 08-07-22.4 - Delll 2008-07-23 15:12:26.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.549 [GMT 2:00] Endroit: C:\Documents and Settings\Delll\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\cgadeahc.ini C:\WINDOWS\system32\dowkbixc.dll C:\WINDOWS\system32\ejhtccwk.ini C:\WINDOWS\system32\faqagtgh.ini C:\WINDOWS\system32\gNVxyGgh.ini C:\WINDOWS\system32\gNVxyGgh.ini2 C:\WINDOWS\system32\hdyqmi.dll C:\WINDOWS\system32\hgGyxVNg.dll C:\WINDOWS\system32\hgtgaqaf.dll C:\WINDOWS\system32\ircsxmda.dll C:\WINDOWS\system32\kpevcpjs.dll C:\WINDOWS\system32\lfqwfn.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mdm.exe C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\rgggiufe.ini C:\WINDOWS\system32\rjnjit.dll C:\WINDOWS\system32\uihhkcaa.dll C:\WINDOWS\system32\ulhftqvj.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))))))) . 2008-07-22 15:38 . 2008-07-22 15:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-22 15:38 . 2008-07-22 15:38 <REP> d-------- C:\Documents and Settings\Delll\Application Data\Malwarebytes 2008-07-22 15:38 . 2008-07-22 15:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-22 15:38 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-07-22 15:38 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-22 10:13 . 2008-07-22 10:13 <REP> d-------- C:\WINDOWS\ERUNT 2008-07-22 10:09 . 
2008-07-22 10:36 <REP> d-------- C:\SDFix 2008-07-21 11:23 . 2008-07-22 10:36 <REP> d-------- C:\HiJack 2008-07-18 12:49 . 2008-07-18 12:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-18 12:49 . 2008-07-21 12:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-17 15:46 . 2008-07-17 15:49 <REP> d-------- C:\WINDOWS\system32\aumsDK01 2008-07-17 15:46 . 2008-07-17 15:46 <REP> d-------- C:\Temp\zpv201 2008-07-17 15:46 . 2008-07-17 15:46 <REP> d-------- C:\Temp 2008-07-09 10:31 . 2008-07-09 10:31 581,219 --a------ C:\Documents and Settings\Delll\Application Data\Ctcts_23791-1.bin 2008-06-26 11:39 . 2008-06-26 11:41 <REP> d-------- C:\Program Files\Opcion Font Viewer 2008-06-26 11:39 . 2008-06-26 11:39 <REP> d-------- C:\Documents and Settings\Delll\Application Data\Chiu Software Systems 2008-06-26 10:41 . 2008-06-26 10:41 213,073 --a------ C:\Documents and Settings\Delll\Application Data\Ctcts_23039-1.bin 2008-06-26 10:32 . 2008-06-26 10:32 179,804 --a------ C:\Documents and Settings\Delll\Application Data\Ctcts_23036-1.bin . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-07-22 15:32 --------- d-----w C:\Documents and Settings\Delll\Application Data\FileZilla 2008-07-21 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-07-15 10:13 --------- d-----w C:\Documents and Settings\Delll\Application Data\XnView 2008-07-09 08:36 79,187 ----a-w C:\Documents and Settings\Delll\Application Data\Cache-1251.bin 2008-07-09 08:36 11,107 ----a-w C:\Documents and Settings\Delll\Application Data\Global.bin 2008-06-19 13:55 196 ----a-w C:\Documents and Settings\Delll\Application Data\Ctcts_22621-1.bin 2008-06-19 09:42 --------- d-----w C:\Documents and Settings\Delll\Application Data\InfraRecorder 2008-06-19 09:26 --------- d-----w C:\Program Files\InfraRecorder 2008-06-13 08:14 20 ----a-w C:\Documents and Settings\All Users\Application Data\GroupPays.bin 2008-06-13 08:14 15,824 ----a-w C:\Documents and Settings\All Users\Application Data\Pays.bin 2008-06-12 14:54 --------- d-----w C:\Documents and Settings\Delll\Application Data\Winamp 2008-06-12 14:40 --------- d-----w C:\Program Files\XnView 2008-06-12 12:29 --------- d-----w C:\Documents and Settings\Delll\Application Data\Creative 2008-06-12 09:48 --------- d-----w C:\Program Files\Winamp 2008-06-12 09:44 --------- d-----w C:\Program Files\Visicom Media 2008-06-12 08:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-06-12 08:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM 2008-06-12 08:47 --------- d-----w C:\Program Files\QuickTime 2008-06-12 08:29 --------- d-----w C:\Program Files\Bonjour 2008-06-12 08:23 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared 2008-06-11 16:22 --------- d-----w C:\Program Files\Hewlett-Packard 2008-06-11 16:14 --------- d-----w C:\Program Files\Symantec 2008-06-11 16:14 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-06-11 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-06-11 16:13 
27,262,976 ----a-w C:\VIRTPART.DAT 2008-06-11 15:31 --------- d-----w C:\Documents and Settings\Delll\Application Data\AdobeUM 2008-06-11 15:04 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-06-11 14:43 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-11 14:24 --------- d-----w C:\Program Files\Snapshot Viewer 2008-06-11 14:23 --------- d-----w C:\Program Files\microsoft frontpage 2008-06-11 14:23 --------- d-----w C:\Documents and Settings\Delll\Application Data\Microsoft Web Folders 2008-06-11 14:19 --------- d-----w C:\Documents and Settings\Delll\Application Data\Symantec 2008-06-11 14:16 --------- d-----w C:\Program Files\Corel 2008-06-11 14:10 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall 2008-06-11 14:05 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared 2008-06-11 14:03 --------- d-----w C:\Program Files\Roxio 2008-06-11 13:56 --------- d-----w C:\Program Files\Microsoft Works 2008-06-11 13:55 --------- d-----w C:\Program Files\Creative 2008-06-11 13:54 --------- d-----w C:\Program Files\Fichiers communs\AOL 2008-06-11 13:54 --------- d-----w C:\Program Files\Dell 2008-06-11 13:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-06-11 13:51 --------- d-----w C:\Documents and Settings\Delll\Application Data\McAfee.com Personal Firewall 2008-06-11 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall 1999-04-06 20:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL 1998-12-09 10:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL 1998-12-09 10:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL 1998-12-09 10:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL 1998-12-09 10:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL 1998-12-09 10:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL 
. ((((((((((((((((((((((((((((( snapshot@2008-07-21_12.19.20.93 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-07-22 08:13:29 5,070,848 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2008-07-22 08:13:29 57,344 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-07-22 08:13:16 5,070,848 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2008-07-22 08:13:16 57,344 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400] "Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2005-10-19 15:39 135168] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:34 1695232] "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 18:40 24576 C:\WINDOWS\MIDIDEF.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 10:47 57344] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 08:42 1159168] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-01 20:46 98304] "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856] 
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-10-13 20:44 95848]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-10-14 06:02 134856]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [BU]
"b01bdc8e"="C:\WINDOWS\system32\hgtgaqaf.dll" [BU]
"BMb328ef12"="C:\WINDOWS\system32\kpevcpjs.dll" [BU]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2005-05-19 09:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HPAiODevice(hp officejet g series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 17:15:00 151552]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 06:05:56 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-04-06 22:27:42 46080]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"=
"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-12 21:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://www.dell.fr/myway
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.dell.fr/myway
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 15:14:52
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-23 15:16:07
ComboFix-quarantined-files.txt 2008-07-23 13:15:29

Pre-Run: 12,217,147,392 octets libres
Post-Run: 12,211,879,936 octets libres

202
_____________________________________________________________________
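The "Point de chargement Reg" section of the ComboFix log above is easier to triage by parsing it than by eyeballing it. The script below is an added example, not code from this thread or from ComboFix. It parses a REGEDIT4-style excerpt (the values are copied from the log above; which lines to include was our choice) and applies three heuristics: Security Center `*DisableNotify` values set to 1 (the balloon the user would get when antivirus or updates are off has been silenced), `DisableMonitoring` values under `security center\Monitoring` (a security suite that does its own monitoring can set this legitimately, so it is a prompt to confirm, not a verdict), and `Run` values whose bracketed file info carries no date/size stamp or whose target is a DLL rather than a program. The key matching, the reason strings, and the treatment of `[BU]` simply as "no file stamp" (without guessing what ComboFix means by the tag) are our assumptions.

```python
import re

# Excerpt of the "Point de chargement Reg" section of the ComboFix log above.
# The values are copied from the log; which lines to include was our choice.
COMBOFIX_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [BU]
"b01bdc8e"="C:\WINDOWS\system32\hgtgaqaf.dll" [BU]
"BMb328ef12"="C:\WINDOWS\system32\kpevcpjs.dll" [BU]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"='
    r'(?:"(?P<str>[^"]*)"(?:\s+\[(?P<info>[^\]]*)\])?'  # string data + optional [file info]
    r'|dword:(?P<dword>[0-9A-Fa-f]{8}))$')             # or a REG_DWORD
# In the log, bracketed file info reads "YYYY-MM-DD HH:MM size" for entries
# ComboFix described; anything else (e.g. [BU]) is treated here as "no stamp".
FILE_STAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+')
# Security Center values that silence the "antivirus/firewall/updates off" alert
NOTIFY_VALUES = {'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'}


def parse_reg_dump(text):
    """Turn the REGEDIT4-style dump into dicts of key, name, data, info."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            if m.group('dword') is not None:
                data = int(m.group('dword'), 16)
            else:
                data = m.group('str')
            entries.append({'key': key, 'name': m.group('name'),
                            'data': data, 'info': m.group('info')})
    return entries


def review(entries):
    """Heuristic checks (our assumptions): each hit is something to look at, not a verdict."""
    findings = []
    for e in entries:
        key = e['key'].lower()
        reasons = []
        if key.endswith('\\security center') and e['name'] in NOTIFY_VALUES and e['data'] == 1:
            reasons.append('Security Center alert for this component is silenced')
        if '\\security center\\monitoring\\' in key and e['name'] == 'DisableMonitoring' and e['data'] == 1:
            reasons.append('Security Center told not to monitor this product (confirm the suite set it)')
        if key.endswith('\\currentversion\\run'):
            info = e['info'] or ''
            if not FILE_STAMP_RE.match(info):
                reasons.append('no file date/size for the autostart target (info: %s)' % (info or 'none'))
            if isinstance(e['data'], str) and e['data'].lower().endswith('.dll'):
                reasons.append('autostart target is a DLL, i.e. loaded through rundll32, not a program')
        if reasons:
            findings.append({'key': e['key'], 'name': e['name'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in review(parse_reg_dump(COMBOFIX_REG)):
        print('%s\\%s' % (f['key'], f['name']))
        for reason in f['reasons']:
            print('    - ' + reason)
```

Run as-is it reports six entries. WinampAgent is among them only because its file info has no stamp, which is exactly the kind of false positive a check like this produces; the output is a to-check list, and the two DLL autostarts and the Security Center values are the items to look at first.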
Interpretation of ComboFix + HijackThis report
Zebulon75 replied to a topic by Zebulon75 in Analyses et éradication malwares
Hi, here is the MBAM report:
______________________________________________________________________
Malwarebytes' Anti-Malware 1.22
Version de la base de données: 978
Windows 5.1.2600 Service Pack 3

15:45:37 2008-07-22
mbam-log-7-22-2008 (15-45-37).txt

Type de recherche: Examen rapide
Eléments examinés: 40490
Temps écoulé: 3 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\BMb328ef12.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMb328ef12.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
______________________________________________________________________
Just in case, I ran a second MBAM scan and it found nothing.
Many thanks!
Interpretation of ComboFix + HijackThis report
Zebulon75 replied to a topic by Zebulon75 in Analyses et éradication malwares
Hello, noted about ComboFix.... and thanks for your reply
_____________________________________________________________________________________
So here is the SDFix report:
_____________________________________________________________________________________
SDFix: Version 1.207
Run by Delll on 2008-07-22 at 10:16

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\Delll\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted

Folder C:\Documents and Settings\Delll\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 10:25:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"="C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe:*:Enabled:Symantec Antivirus"
"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe:*:Enabled:Symantec Email"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Finished!
_____________________________________________________________________________________
and here is the HijackThis report
_____________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27, on 2008-07-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Delll\LOCALS~1\Temp\clclean.0001
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\HiJack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [b01bdc8e] rundll32.exe "C:\WINDOWS\system32\hgtgaqaf.dll",b
O4 - HKLM\..\Run: [BMb328ef12] Rundll32.exe "C:\WINDOWS\system32\kpevcpjs.dll",s
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SYS
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213200950265
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9055 bytes
_____________________________________________________________________________________
Interpretation of ComboFix + HijackThis report
Zebulon75 posted a topic in Analyses et éradication malwares
Hello,
My PC is infected; a Spybot S&D scan reveals the presence of Virtumonde. Consequence: pop-up windows + attempts to install .exe files. I ran a scan with ComboFix and here is the report. Can someone decipher them for me please?
________________________________________________________________________________
ComboFix 08-07-20.7 - Delll 2008-07-21 12:10:37.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.802 [GMT 2:00]
Endroit: C:\Documents and Settings\Delll\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cgadeahc.ini
C:\WINDOWS\system32\dowkbixc.dll
C:\WINDOWS\system32\ejhtccwk.ini
C:\WINDOWS\system32\faqagtgh.ini
C:\WINDOWS\system32\gNVxyGgh.ini
C:\WINDOWS\system32\gNVxyGgh.ini2
C:\WINDOWS\system32\hdyqmi.dll
C:\WINDOWS\system32\hgGyxVNg.dll
C:\WINDOWS\system32\hgtgaqaf.dll
C:\WINDOWS\system32\ircsxmda.dll
C:\WINDOWS\system32\kpevcpjs.dll
C:\WINDOWS\system32\lfqwfn.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rgggiufe.ini
C:\WINDOWS\system32\rjnjit.dll
C:\WINDOWS\system32\uihhkcaa.dll
C:\WINDOWS\system32\ulhftqvj.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-21 to 2008-07-21 ))))))))))))))))))))))))))))))))))))
.
2008-07-21 11:23 . 2008-07-21 11:39 <REP> d-------- C:\HiJack
2008-07-18 12:49 . 2008-07-18 12:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-18 12:49 . 2008-07-21 12:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-18 10:04 . 2008-07-21 10:35 110,446 --a------ C:\WINDOWS\BMb328ef12.xml
2008-07-17 15:46 . 2008-07-17 15:49 <REP> d-------- C:\WINDOWS\system32\aumsDK01
2008-07-17 15:46 . 2008-07-17 15:46 <REP> d-------- C:\Temp\zpv201
2008-07-17 15:46 . 2008-07-17 15:46 <REP> d-------- C:\Temp
2008-07-16 14:29 . 2008-07-16 14:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-16 14:29 . 2008-07-16 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-09 10:31 . 2008-07-09 10:31 581,219 --a------ C:\Documents and Settings\Delll\Application Data\Ctcts_23791-1.bin
2008-06-26 11:39 . 2008-06-26 11:41 <REP> d-------- C:\Program Files\Opcion Font Viewer
2008-06-26 11:39 . 2008-06-26 11:39 <REP> d-------- C:\Documents and Settings\Delll\Application Data\Chiu Software Systems
2008-06-26 10:41 . 2008-06-26 10:41 213,073 --a------ C:\Documents and Settings\Delll\Application Data\Ctcts_23039-1.bin
2008-06-26 10:32 . 2008-06-26 10:32 179,804 --a------ C:\Documents and Settings\Delll\Application Data\Ctcts_23036-1.bin
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-21 08:49 --------- d-----w C:\Documents and Settings\Delll\Application Data\FileZilla
2008-07-15 10:13 --------- d-----w C:\Documents and Settings\Delll\Application Data\XnView
2008-07-09 08:36 79,187 ----a-w C:\Documents and Settings\Delll\Application Data\Cache-1251.bin
2008-07-09 08:36 11,107 ----a-w C:\Documents and Settings\Delll\Application Data\Global.bin
2008-06-19 13:55 196 ----a-w C:\Documents and Settings\Delll\Application Data\Ctcts_22621-1.bin
2008-06-19 09:42 --------- d-----w C:\Documents and Settings\Delll\Application Data\InfraRecorder
2008-06-19 09:26 --------- d-----w C:\Program Files\InfraRecorder
2008-06-13 08:14 20 ----a-w C:\Documents and Settings\All Users\Application Data\GroupPays.bin
2008-06-13 08:14 15,824 ----a-w C:\Documents and Settings\All Users\Application Data\Pays.bin
2008-06-12 14:54 --------- d-----w C:\Documents and Settings\Delll\Application Data\Winamp
2008-06-12 14:40 --------- d-----w C:\Program Files\XnView
2008-06-12 12:29 --------- d-----w C:\Documents and Settings\Delll\Application Data\Creative
2008-06-12 09:48 --------- d-----w C:\Program Files\Winamp
2008-06-12 09:44 --------- d-----w C:\Program Files\Visicom Media
2008-06-12 08:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-12 08:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-06-12 08:47 --------- d-----w C:\Program Files\QuickTime
2008-06-12 08:29 --------- d-----w C:\Program Files\Bonjour
2008-06-12 08:23 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-06-11 16:22 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-11 16:14 --------- d-----w C:\Program Files\Symantec
2008-06-11 16:14 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-11 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-11 16:13 27,262,976 ----a-w C:\VIRTPART.DAT
2008-06-11 15:31 --------- d-----w C:\Documents and Settings\Delll\Application Data\AdobeUM
2008-06-11 15:04 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-11 14:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 14:24 --------- d-----w C:\Program Files\Snapshot Viewer
2008-06-11 14:23 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-11 14:23 --------- d-----w C:\Documents and Settings\Delll\Application Data\Microsoft Web Folders
2008-06-11 14:19 --------- d-----w C:\Documents and Settings\Delll\Application Data\Symantec
2008-06-11 14:16 --------- d-----w C:\Program Files\Corel
2008-06-11 14:05 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-06-11 14:03 --------- d-----w C:\Program Files\Roxio
2008-06-11 13:56 --------- d-----w C:\Program Files\Microsoft Works
2008-06-11 13:55 --------- d-----w C:\Program Files\Creative
2008-06-11 13:54 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-06-11 13:54 --------- d-----w C:\Program Files\Dell
2008-06-11 13:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-11 13:51 --------- d-----w C:\Documents and Settings\Delll\Application Data\McAfee.com Personal Firewall
2008-06-11 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
1999-04-06 20:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 10:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 10:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 10:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 10:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 10:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2005-10-19 15:39 135168]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 18:40 24576 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 10:47 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 08:42 1159168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-01 20:46 98304]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-10-13 20:44 95848]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-10-14 06:02 134856]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2005-05-19 09:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"=
"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-12 21:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
________________________________________________________________________________
Here is the HijackThis report
________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45, on 2008-07-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Delll\LOCALS~1\Temp\clclean.0001
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\_Appz\FirefoxPortable\FirefoxPortable.exe
F:\_Appz\FirefoxPortable\App\firefox\firefox.exe
C:\HiJack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [b01bdc8e] rundll32.exe "C:\WINDOWS\system32\hgtgaqaf.dll",b
O4 - HKLM\..\Run: [BMb328ef12] Rundll32.exe "C:\WINDOWS\system32\kpevcpjs.dll",s
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SYS
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213200950265
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9066 bytes
________________________________________________________________________________
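The two `O4` lines that matter in the HijackThis log above, `[b01bdc8e]` and `[BMb328ef12]`, share one shape: a `Run` value named by a hex blob rather than a product name, launching `rundll32` on a randomly named DLL in `system32` with a one-letter export. The Python below is an added example, not code from this thread or from HijackThis. It parses `O4` lines and flags that shape, and separately lists running processes whose image lives under a Temp directory. The input lines are copied from the log above; the thresholds (8 lowercase letters for the DLL stem, 8 hex digits for the value name), the `system32` restriction, and the reason strings are our assumptions tuned to this log, and a hit means "look at this", not "malicious".

```python
import ntpath
import re

# O4 (autostart) lines copied from the HijackThis log above. Entries 0, 1 and 4
# are legitimate controls that the checks must leave alone.
HJT_O4_LINES = [
    r'O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon',
    r'O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"',
    r'O4 - HKLM\..\Run: [b01bdc8e] rundll32.exe "C:\WINDOWS\system32\hgtgaqaf.dll",b',
    r'O4 - HKLM\..\Run: [BMb328ef12] Rundll32.exe "C:\WINDOWS\system32\kpevcpjs.dll",s',
    r'O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe',
]
# Three "Running processes" lines from the same log.
HJT_PROCESS_LINES = [
    r'C:\WINDOWS\system32\Rundll32.exe',
    r'C:\DOCUME~1\Delll\LOCALS~1\Temp\clclean.0001',
    r'C:\Program Files\Symantec AntiVirus\Rtvscan.exe',
]

O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32[.exe] "<absolute path>.dll",<export>   (quotes optional)
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[A-Za-z]:\\[^",]+\.dll)"?\s*,\s*(?P<export>\S*)',
    re.IGNORECASE)
# Assumed thresholds: a DLL stem of exactly 8 lowercase letters, and a value
# name that is 8 hex digits with at most a two-letter prefix.
RANDOM_STEM_RE = re.compile(r'^[a-z]{8}$')
HEX_NAME_RE = re.compile(r'^[A-Za-z]{0,2}[0-9a-f]{8}$')


def triage_o4(lines):
    """Return the O4 entries matching the loader shape, with the reasons why."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue  # "Global Startup" and non-O4 lines are not handled here
        name, cmd = m.group('name'), m.group('cmd')
        reasons = []
        if HEX_NAME_RE.match(name):
            reasons.append('value name is a hex blob rather than a product name')
        r = RUNDLL_RE.match(cmd)
        if r:
            dll, export = r.group('dll'), r.group('export')
            # ntpath handles the backslash paths even when this runs on Linux
            stem = ntpath.splitext(ntpath.basename(dll))[0].lower()
            if '\\system32\\' in dll.lower() and RANDOM_STEM_RE.match(stem):
                reasons.append('rundll32 loads a random-looking DLL name from system32')
            if len(export) == 1:
                reasons.append('single-letter export name')
        if reasons:
            findings.append({'name': name, 'command': cmd, 'reasons': reasons})
    return findings


def processes_in_temp(lines):
    """Running processes whose image path goes through a Temp directory."""
    return [p for p in lines if '\\temp\\' in p.lower()]


if __name__ == '__main__':
    for hit in triage_o4(HJT_O4_LINES):
        print('[%s] %s' % (hit['name'], hit['command']))
        for reason in hit['reasons']:
            print('    - ' + reason)
    for proc in processes_in_temp(HJT_PROCESS_LINES):
        print('running from Temp: ' + proc)
```

The first check flags exactly the two entries ComboFix later deleted and MBAM named as Trojan.Vundo, and leaves the legitimate `Rundll32 CTMBHA.DLL,MBMon` line alone because it loads a product DLL by bare name. The second check lists `clclean.0001`; the log itself says nothing about what that file is, so treat it as a question to answer, not a finding.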